News & Commentary

03:02 PM
Mary Ellen Biery, Sageworks
Mary Ellen Biery, Sageworks
Commentary
100%
0%

4 Ways to Mitigate Risk in Banking

Some tips banks can use to improve their stress testing, credit analysis and other risk-related processes.

Bankers in today’s environment face a number of challenges, including deciphering and complying with ongoing regulatory changes, developing and conducting adequate stress testing methods, and justifying or defending changes in their allowance reserves.

But bankers can do many things to mitigate risk in those areas, according to several industry experts participating in the 2nd Annual Sageworks Risk Management Summit next month. Here are four pieces of advice:

1. Document the rationale for loan upgrades. Linda Keith CPA, whose firm trains business lenders in credit analysis, says bankers should be careful to document the thinking behind their judgment that a loan should be upgraded for purposes of the allowance for loan and lease losses (ALLL). “It’s important to eliminate regulator guesswork,” she says. It’s also important, she says, for financial institutions to verify that guidelines for analyzing a potential upgrade are “clear, clearly communicated to, and consistently followed.” Keith will help lead a presentation on deciding and defending upgraded loans for the ALLL at the Dec. 5-6 summit.

2. Don’t be afraid to uncover vulnerabilities. RMPI Consulting partner Jay Gallo, who will discuss “Integrating Risk Appetite, Stress Testing and Capital Planning,” says stress testing is positive in that it enables financial institutions to gauge their potential vulnerability to exceptional but plausible adverse events. “Stress testing should assess and quantify your institution’s vulnerabilities under multiple unfavorable scenarios,” he says. “Once the potential downside is understood, you can take steps to reduce or mitigate those risks, or you can ensure you have sufficient capital to manage those risks.”

[For More On Stress Testing, CHeck Out: How Legacy Systems and Lack of Data Undermine Stress Tests]

3. Develop a successful stress testing framework with three “knows.” Jack Gregory and Dave Keever, senior stress testing and credit experts for Crowe Horwath, say financial institutions looking to prepare and manage stress test forecasts need to know three key things: • The institution’s portfolio.

• The scenarios and their impact on the bank’s capital and liquidity.

• The forecasts including what they show and why.

Gregory and Keever’s presentation will also outline three lines of defense all institutions need for stress-test production. 4. Set deadlines. “To make the year-end ALLL as efficient as possible, it is best to get as much work done as possible prior to year end,” says Mike Lubansky, director of consulting services at Sageworks. To do that, financial institutions should set hard deadlines for:

• Risk-rating changes.

• Charge-offs.

• Updating the core system to reflect the risk-rating changes.

• Determining the loans that need to be reviewed for impairment (FAS 114/ ASC 310).

• Updating the data on the impairment analyses (appraisal values and selling costs, or cash flows).

Industry experts will participate in a panel discussion on year-end ALLL calculations at the summit.

Mary Ellen Biery is a research specialist at Sageworks.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Steven Cavanaugh
50%
50%
Steven Cavanaugh,
User Rank: Apprentice
11/19/2013 | 1:24:46 AM
re: 4 Ways to Mitigate Risk in Banking
This article is curiously missing any mention of Big Data, and the ways that predictive analytics can support credit decisions.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.